Windows Vista Tips

Windows Vista Tips > Newsgroups > Windows Vista Drivers > Error Code 52 On Signed 64-Bit Kernel Driver - More Signing Needed

Reply
Thread Tools Display Modes

Error Code 52 On Signed 64-Bit Kernel Driver - More Signing Needed

 
 
DWinters
Guest
Posts: n/a

 
      03-19-2010
In expanding our drivers to support Windows Seven 64-bit, we've run into a
snag, with error code 52. We're currently using a minimal .INF to try to get
one card working in just this environment, and once it works we'll expand it
for the other 100+ products and combine it with our 32-bit .INF.

We have a certificate based on the VeriSign Class 3 Code Signing 2009-2 CA.
We build the .SYS, sign the .SYS, make a .CAT with INF2CAT, then sign the
..CAT. Previous (failed) driver versions are removed by uninstalling via
Device Manager, and checking the checkbox to delete driver files. Driver
installation starts out well, asks if we want to trust ourselves, and does
not show the red dialog, but ends with a Code 52 failure message, saying
something unspecific in the driver package isn't signed properly and warning
that this may be the result of an attack.

Installing the certificate in the Trusted Root Certification Authorities
store doesn't appear to change anything, so we don't think it's a problem
with the certificate itself. Performing the build/sign/INF2CAT/sign steps
from Windows Seven 64-bit doesn't appear to change anything, so we don't
think it's a format problem. Our leading hypothesis is that there's an
additional signing step needed; does Code 52 correspond to a more specific
failure of signing than its message indicates? Is there a step noticeably
missing?
 
Reply With Quote
 
 
 
 
Maxim S. Shatskih
Guest
Posts: n/a

 
      03-20-2010
> In expanding our drivers to support Windows Seven 64-bit, we've run into a
> snag, with error code 52.


What will setupapi.dev.log say?

--
Maxim S. Shatskih
Windows DDK MVP

http://www.storagecraft.com

 
Reply With Quote
 
 
 
 
DWinters
Guest
Posts: n/a

 
      03-31-2010
Sorry for the delay, I got pulled off the project to do firefighting on
another.

"Maxim S. Shatskih" wrote:
> What will setupapi.dev.log say?


I cleared the log and repeated the install (with the same result), and
uploaded it here: http://www.accesio.com/files/setupapi.dev.log

Based on my amateur reading, three times it doublechecks the .INF's
signature, failing the first and passing the second of each pair; but it's
ultimately the .SYS that fails, with "Error 0x800b0109: A certificate chain
processed, but terminated in a root certificate which is not trusted by the
trust provider.", and error code 52 is a cascade error, at "Device not
started: Device has problem: 0x34: CM_PROB_UNSIGNED_DRIVER.".
 
Reply With Quote
 
DWinters
Guest
Posts: n/a

 
      04-14-2010
We opened a support incident for this, and it ended up being signing without
cross-signing.

http://www.microsoft.com/whdc/winlog...crosscert.mspx
 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"Unknown Publisher" with kernel-mode driver signed with VeriSign c Loring Windows Vista Drivers 0 04-26-2010 05:33 PM
Windows XP: embedding signed driver is not report as signed in devicemanager hq4000@hotmail.com Windows Vista Drivers 2 04-24-2008 11:47 AM
Kernel mode code signing - Test signing SenseShankar Windows Vista Drivers 4 04-17-2008 09:15 PM
64bit KMDF Driver is signed and installs fine, yet the driver details dialog box still shows "Not digitally signed"?? JasonA Windows Vista Drivers 3 07-19-2007 01:13 AM
Properly signed kernel 64bit driver rejected to run on Vista 64bit Jan Windows Vista Drivers 7 05-07-2007 05:20 PM